Onedrive não conecta. Apresenta erro 0x8004de40

 

Problema

==================

• Onedrive não conecta. Apresenta erro 0x8004de40

 

 

 

Ambiente

==================

• Problema ocorre com as máquinas windows 7.

 

 

Solução

==================

• Instale o Easy Fix abaixo para permitir que as máquinas windows 7 se comuniquem com TLS 1.2.

https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392#bkmk_easy

 

 

Mais informações

===================

• Código de erro 0x8004de40 ao entrar no OneDrive

https://docs.microsoft.com/pt-br/sharepoint/troubleshoot/administration/error-0x8004de40-in-onedrive

 

 

 

Cloud Password Expiration Policy with Synchronized Users - O365

 

I have brought the steps to enable the password expiration for the users in Office 365. Synchronized users and not synchronized. No On-prem policy nor On-prem user will be touched.

About the synchronized users, we can make them obey the Expiration Policy in the cloud.

 

So, I suggest to first enable the password expiration policy for cloud users and after that Enable Password Expiration for Office 365 Synchronized Users.

The result will be that Cloud users not synced are going to obey the expiration policy and also the Office 365 synced users. Synced users will have to change their password in On-prem Active Directory. If you have password write-back feature enabled they will also be able to change the password online.

 

Enable Password Expiration for Cloud Users

To enable password expiration for cloud users, check the print below:

* Note that this will only affect new cloud users. Synced users and existent cloud users won´t be affected. 

 

 

To set the already existent cloud users to expire the password, it will be necessary to run a command for each cloud user:

set-MsolUser -UserPrincipalName user@domain.onmicrosoft.com -PasswordNeverExpires:$False -StrongPasswordRequired:$True

 

 

Enable Password Expiration for Office 365 Synchronized Users

To enable password expiration in office 365 for synchronized users, run the following command on a Powershell prompt of the AADConnect Server:

Set-MsolDirSyncFeature -Feature EnforceCloudPasswordPolicyForPasswordSyncedUsers

                Enable Yes

 

After running the above command and after the users change their password on-prem, the cloud password will start to expire according described in “Enable Password Expiration for Cloud Users” session above.

 

Usefulness

=========================

You get the best of it when you align your Local AD Password Expiration with Office 365 Password Expiration Policy and have Password Write Back configured.

 

 

Documents

=========================

Set the password expiration policy for your organization

https://docs.microsoft.com/en-us/microsoft-365/admin/manage/set-password-expiration-policy?view=o365-worldwide

 

Password expiration policy

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization#password-expiration-policy

 

Tutorial: Enable Azure Active Directory self-service password reset writeback to an on-premises environment

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

 

Como obter a Retention TAG aplicada a uma mensagem de e-mail utilizando MFCMAPI

 

Os itens de e-mail possuem um campo chamado “PR_POLICY_TAG”. Ele possui parte da RetentionID da

Retention TAG aplicada à mensagem de e-mail.

 

Obter o campo “PR_POLICY_TAG” do item de e-mail:

 

Para obtermos o campo “PR_POLICY_TAG”, será necessário abrir um programa chamado “MFCMAPI”

na máquina do usuário que a possui. Seguem passos:

 

1. Baixe o MFCMAPI do site abaixo. MFCMAPI.x64.exe.20.0.20227.01.zip

https://github.com/stephenegriffin/mfcmapi/releases/tag/20.0.20227.01

2. Descompacte e abra o arquivo MFCMapi.exe
3. Clique em menu  QuickStart\Open Folder\Inbox

 

 

 

 

 

4. Clique em menu  QuickStart\Open Folder\Itens Excluídos

 

 

 

 

 

 

 

 

 

 

 

 

 

 

5. Procure pela mensagem antiga e clique sobre ela.
6. Procure pela propriedade “PR_POLICY_TAG” E clique sobre ela.
7. Expanda a coluna “Value” para que possa comportar/exibir todo o valor. Conforme foto
   abaixo:

 

 

 *  Note que o valor é “05DD9E39C123F54D9FE305E9B0096BEE”

 

 

 

Obtendo o RetentionID das Retention TAGs

Veja que, neste exemplo, a TAG criada no Exchange Online possui a

RetentionId     : 399edd05-23c1-4df5-9fe3-05e9b0096bee

 

 

 

 

 

 

 

 

 

 

 

 

 

 

PS C:\temp> Get-RetentionPolicyTag|fl identity,retentionaction,retentionid*     Identity        : Deleta em 4 anos (DPT) RetentionAction : DeleteAndAllowRecovery RetentionId     : 399edd05-23c1-4df5-9fe3-05e9b0096bee

 

 

Comparando o valor de “PR_POLICY_TAG” com o RetentionID

“PR_POLICY_TAG” - “05DD9E39C123F54D9FE305E9B0096BEE”

RetentionId     : 399edd05-23c1-4df5-9fe3-05e9b0096bee

 

*  Note que o final é igual nos dois casos:

 

Conclusão

 

Com o procedimento acima, foi possível identificar qual a Retention TAG

aplicada a uma determinada mensagem de e-mail.

 

 

 

Documentos relacionados a Retention TAGs

============================

Understanding of Managed Folder Assistant with retention policies

https://docs.microsoft.com/en-us/archive/blogs/anya/understanding-of-managed-folder-assistant-with-retention-policies

 

How retention age is calculated

https://docs.microsoft.com/en-us/exchange/security-and-compliance/messaging-records-management/retention-age

 

Retention tags and retention policies

https://docs.microsoft.com/en-us/exchange/security-and-compliance/messaging-records-management/retention-tags-and-policies